A comprehensive WordPress plugin for managing CV distribution and promotional subscriptions with secure download links, integrated PDF viewer, and professional email automation.
- Features
- Installation
- Configuration
- Usage
- Admin Interface
- Shortcodes
- Email Templates
- Security Features
- Database Schema
- API Reference
- Troubleshooting
- Changelog
- CV Distribution System: Secure CV sharing with unique download links (custom file name supported)
- Integrated PDF Viewer: Professional in-browser CV viewing experience
- Subscription Management: Collect and manage email subscriptions
- Download Analytics: Track downloads and user engagement
- Link Tracking & Analytics: Monitor every unique link β views, clicks, click-through rate, status, expiry
- Email Automation: Professional HTML email templates
- Terms & Conditions: Customizable legal terms for CV and promotions
- File Distribution System: Share any ZIP (or other file) with the same secure workflow (custom file name supported)
- Unique Tokens: 32-character secure tokens for each download
- Time-based Expiration: Links expire after 7 days
- Download Limits: Maximum 3 downloads per link
- Email Validation: Prevent duplicate subscriptions
- CSRF Protection: WordPress nonce verification
- SQL Injection Prevention: Prepared statements throughout
- Responsive Design: Mobile-first approach
- Professional UI: Modern gradient designs and animations
- AJAX Forms: Seamless form submissions without page reload
- Error Handling: Clear user feedback for all scenarios
- Accessibility: Screen reader friendly with proper ARIA labels
- Download the plugin ZIP file
- Go to WordPress Admin β Plugins β Add New
- Click "Upload Plugin" and select the ZIP file
- Click "Install Now" and then "Activate"
- Upload the
palmerita-subscriptionsfolder to/wp-content/plugins/ - Activate the plugin through the 'Plugins' menu in WordPress
- The plugin will automatically create required database tables
- WordPress 5.0 or higher
- PHP 7.4 or higher
- MySQL 5.6 or higher
- Navigate to Digital Nomad Subscriptions in your WordPress admin
- Go to CV Manager to upload your CV file
- Configure Terms & Conditions for legal compliance
- Test the system using the preview links
- Go to Digital Nomad Subscriptions β CV Manager
- Upload a PDF file (max 10MB)
- You can now set a custom file name for your CV before uploading. The system will use this name for all download links.
- Test the viewer using the "Test Viewer Page" button
- Go to Digital Nomad Subscriptions β File Manager
- Upload your file (ZIP or other allowed type)
- You can now set a custom file name before uploading. The system will use this name for all download links.
- You can delete or replace the file at any time from the admin panel.
The plugin now ships with its own Email Settings panel:
- Go to Subscriptions β Email Settings.
- Select a provider (Brevo, SendGrid, Zoho) or choose "Custom".
- Host, Port and Encryption fields are auto-filled; adjust if needed.
- Enter username/password (or API key), "From Email" and "From Name".
- (Optional) Enable reCAPTCHA v3 and add Site Key / Secret.
- Save and click Send Test Email to verify delivery.
No additional SMTP plugin is required.
- CV Request: Click "Get my CV" button on your website
- Email Submission: Enter email address in the modal
- Email Receipt: Receive secure viewing link via email
- CV Viewing: Click link to view CV in integrated browser viewer
- Download Option: Download PDF directly from viewer page
- Dashboard: Monitor subscription statistics and recent activity
- CV Management: Upload, replace, or delete CV files
- Subscription Lists: View and manage all email subscriptions
- Terms Management: Update legal terms and conditions
- Analytics: Track download patterns and user engagement
- Statistics Overview: Total subscriptions, downloads, recent activity
- Quick Actions: Direct links to all management pages
- Recent Subscriptions: Latest email submissions with timestamps
- System Status: CV upload status and configuration checks
- Upload Interface: Drag-and-drop CV upload with validation
- File Management: Replace, delete, or rename existing CV files (custom file name field)
- Preview Tools: Test viewer and direct PDF preview
- Usage Instructions: Step-by-step guide for the CV system
- Subscription Table: Paginated list of all CV requests
- Search & Filter: Find specific subscriptions by email or date
- Bulk Actions: Mass delete or export subscriptions
- Download Tracking: View download counts and last access times
- Promotional Subscriptions: Manage marketing email list
- Bulk Operations: Export for email marketing platforms
- Subscription Analytics: Track promotional signup patterns
- ZIP Upload: Upload/replace the file you wish to distribute
- File Name: Set or edit the custom file name for the distributed file
- Current File: Quick link to the active file
- Modal Text: Set custom title & description for the download modal
- WYSIWYG Editor: Rich text editing for legal terms
- Separate Terms: Different terms for CV and promotional subscriptions
- Public URLs: Direct links for transparency and compliance
- Titles & Descriptions: Customise modal headline and explanatory copy for each button (CV, Promotions, File).
- Button Appearance: Change default label, emoji/icon and background colour without touching code.
- Non-destructive: Leave fields empty to keep the built-in defaults.
- Link Dashboard: Total links, click-through rate, today's clicks
- Filters & Search: By type, status, clicked/unclicked, email
- Export: CSV export of full link dataset
- Database Upgrade Wizard: Adds tracking columns for legacy installs
- Status Check: Verifies version and missing columns
- One-click Upgrade: Safe schema update with nonce & capability checks
La ediciΓ³n de emails ahora es completamente visual y accesible desde el admin de WordPress:
- Editor visual HTML para los tres tipos de email: CV, File, Promo.
- Tabs grandes con iconos para cambiar entre plantillas.
- PrevisualizaciΓ³n en vivo del email a medida que editas.
- BotΓ³n "Restaurar por defecto" para cada plantilla (AJAX, sin recargar la pΓ‘gina).
- Instrucciones visuales y ejemplos de tokens disponibles:
{{download_url}},{{subscriber_help}}. - Feedback animado al guardar o restaurar plantillas.
- ValidaciΓ³n de tokens en el preview.
- Carga automΓ‘tica del HTML por defecto si el campo estΓ‘ vacΓo.
- Compatibilidad CSS completa: Se permiten etiquetas
<style>y atributosstyle=, por lo que puedes personalizar el diseΓ±o sin restricciones. - Guarda y persiste: Los cambios se almacenan de forma segura; al volver a la pΓ‘gina los verΓ‘s tal cual los dejaste.
- Editor CodeMirror con resaltado de sintaxis, autocompletado y atajos de teclado.
- No es necesario editar PHP: todo se gestiona desde el admin.
- Ve a Subscriptions β Email Templates en el admin de WordPress.
- Edita el HTML de cada email usando el editor visual.
- Usa el botΓ³n "Restaurar por defecto" si quieres volver al diseΓ±o original.
- Visualiza los cambios en tiempo real en el panel de previsualizaciΓ³n.
{{download_url}}: Enlace seguro de descarga/visualizaciΓ³n.{{subscriber_help}}: Mensaje de ayuda (configurable en Email Settings).
- Selecciona la plantilla (CV, File, Promo) usando los tabs con iconos.
- Edita el HTML en el editor visual.
- Visualiza el resultado en el panel de preview.
- Haz clic en "Restaurar por defecto" para volver al HTML original.
- Guarda los cambios y recibirΓ‘s feedback animado de Γ©xito.
- Generation:
wp_generate_password(32, false)for cryptographic security - Uniqueness: Database constraint prevents token collisions
- Expiration: Automatic expiration after 7 days
- Single Use: Configurable download limits (default: 3)
- Email Validation:
is_email()WordPress validation - SQL Injection: All queries use
$wpdb->prepare() - XSS Prevention:
esc_html(),esc_url(),esc_attr()throughout - CSRF Protection: WordPress nonces on all forms
| Mechanism | Description |
|---|---|
| Unique Tokens (32-char) | Secure download links, 7-day validity, 3 downloads max |
| WordPress Nonces (CSRF) | Protection on AJAX actions and CSV export |
| Prepared SQL | Prevents SQL injection |
| Honeypot | Hidden field blocks basic bots |
| Rate Limiting | Max 5 requests per IP every 10 minutes |
| reCAPTCHA v3 (optional) | Behaviour-based risk scoring (score β₯ threshold) |
| PHPMailer SMTP | Authenticated sending via TLS/SSL |
-
Install Dependencies
cd wp-content/plugins/palmerita-subscriptions composer install -
Set Up WordPress Test Environment
# Install WordPress test suite bash bin/install-wp-tests.sh wordpress_test root '' localhost latest
-
Configure Test Environment
# Set environment variable for tests export WP_TESTS_DIR=/tmp/wordpress-tests-lib
# Run all tests
composer test
# Run tests with coverage
composer test-coverage
# Run specific test class
vendor/bin/phpunit tests/test-palmerita-subscriptions.php
# Run specific test method
vendor/bin/phpunit --filter test_successful_cv_subscription# Check coding standards
composer cs
# Fix coding standards automatically
composer cbf
# Install coding standards (first time)
composer install-codestandardsThe plugin includes comprehensive unit tests covering:
- β Plugin Initialization: Singleton pattern, constants, hooks registration
- β Database Operations: Table creation, data insertion, validation
- β AJAX Handling: CV and promotional subscription processing
- β Input Validation: Email validation, nonce verification, sanitization
- β Download Management: Link generation, token validation, expiration
- β Email System: Template generation, sending, error handling
- β Security Features: Download limits, token security, duplicate prevention
- β Shortcode Functionality: Button rendering, attribute handling
- β Admin Interface: Menu creation, page rendering
- β Error Handling: Edge cases, invalid inputs, system failures
Coverage reports are generated in tests/coverage/html/ directory.
tests/
βββ bootstrap.php # PHPUnit bootstrap
βββ helpers/
β βββ test-helper.php # Test utility functions
βββ test-palmerita-subscriptions.php # Main plugin tests
βββ test-download-manager.php # Download manager tests
class MyCustomTest extends WP_UnitTestCase {
public function setUp(): void {
parent::setUp();
// Set up test environment
PalmeritaSubscriptionsTestHelper::cleanup_test_data();
}
public function test_my_functionality() {
// Create test data
$subscription_id = PalmeritaSubscriptionsTestHelper::create_test_subscription();
// Test your functionality
$result = my_function();
// Assert results
$this->assertTrue($result);
}
public function tearDown(): void {
// Clean up
PalmeritaSubscriptionsTestHelper::cleanup_test_data();
parent::tearDown();
}
}
### Access Control
- **Admin Only**: All admin pages require `manage_options` capability
- **Public URLs**: Secure public access for terms and CV viewer
- **Rate Limiting**: Prevents spam through email validation
## ποΈ Database Schema
### `wp_palmerita_subscriptions`
```sql
CREATE TABLE wp_palmerita_subscriptions (
id mediumint(9) NOT NULL AUTO_INCREMENT,
email varchar(100) NOT NULL,
type varchar(20) NOT NULL DEFAULT 'cv',
created datetime DEFAULT CURRENT_TIMESTAMP NOT NULL,
PRIMARY KEY (id),
UNIQUE KEY email_type (email, type),
KEY email (email),
KEY type (type),
KEY created (created)
);CREATE TABLE wp_palmerita_downloads (
id mediumint(9) NOT NULL AUTO_INCREMENT,
subscription_id mediumint(9) NOT NULL,
email varchar(100) NOT NULL,
token varchar(64) NOT NULL,
expires datetime NOT NULL,
downloads int(11) DEFAULT 0,
max_downloads int(11) DEFAULT 3,
created datetime DEFAULT CURRENT_TIMESTAMP NOT NULL,
last_download datetime NULL,
status varchar(20) DEFAULT 'active' NOT NULL,
PRIMARY KEY (id),
UNIQUE KEY token (token),
KEY subscription_id (subscription_id),
KEY email (email),
KEY expires (expires)
);Endpoint: wp_ajax_palmerita_subscribe / wp_ajax_nopriv_palmerita_subscribe
Parameters:
email(string, required): Valid email addresstype(string, required): 'cv' or 'promo'nonce(string, required): WordPress nonce
Response:
{
"success": true,
"data": {
"message": "Success message"
}
}URL Pattern: /palmerita-cv-viewer/{token}
{token}: 32-character unique download token- Example:
/palmerita-cv-viewer/abc123def456...
URL Patterns:
/palmerita-terms/cv- CV subscription terms/palmerita-terms/promo- Promotional subscription terms
URL Pattern: /palmerita-download/{token}
- Redirects to CV viewer for better UX
Main plugin class handling initialization and admin interface.
Key Methods:
init(): Initialize plugin hooks and actionscreate_admin_menu(): Set up admin menu structurehandle_ajax_subscription(): Process AJAX form submissions
Handles secure download link generation and management.
Key Methods:
generate_download_link($email, $subscription_id): Create secure download linkprocess_download($token): Validate and process download requestssend_download_email($email, $download_url): Send professional emailcleanup_expired_downloads(): Maintenance function for old records
Cause: CV file not uploaded or incorrect file path Solution:
- Go to CV Manager in admin
- Upload a PDF file
- Verify file exists in
/assets/cv/Hanaley-Palma-CV.pdf
Cause: WordPress mail configuration issues Solution:
- Install WP Mail SMTP plugin
- Configure with reliable SMTP service (SendGrid recommended)
- Test email from WordPress admin
Cause: Rewrite rules not flushed Solution:
- Go to Settings β Permalinks
- Click "Save Changes" (flushes rewrite rules)
- Test viewer URL again
Cause: Plugin activation issues or insufficient permissions Solution:
- Deactivate and reactivate plugin
- Check database user permissions
- Verify WordPress can create tables
Enable WordPress debug mode to troubleshoot issues:
// In wp-config.php
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);Check /wp-content/debug.log for error messages.
For technical support or feature requests:
- Email: hana@palmeratech.net
- Website: palmeratech.net
- Documentation: Check this README for detailed information
- Indexes: Proper indexing on frequently queried columns
- Cleanup: Automatic removal of expired download records
- Pagination: Admin lists use pagination to handle large datasets
- Object Caching: Compatible with Redis, Memcached
- Page Caching: Public pages cache-friendly
- CDN Ready: Static assets can be served via CDN
- CV Storage: Single file storage prevents bloat
- Automatic Cleanup: Old download records are automatically removed
- File Size Limits: 10MB maximum for CV uploads
Release Date: May 2024
New Features:
- π CSV export now forces direct download (no in-browser rendering)
- βοΈ Built-in SMTP settings panel with provider auto-fill
- π§ AJAX "Send Test Email" utility
- π‘οΈ Honeypot + IP rate-limit + optional reCAPTCHA v3
- π Compact modal (max-width 440 px) and UI polish
- π οΈ File Manager to upload and share a single ZIP with secure tokens
- π Modal Copy Customization: New admin panel "Modal Copy" allows users to edit titles, descriptions, and button appearance (text, icon, color) for CV, Promo, and File modals without touching code.
- π Submit button text in the modal is now fully customizable for each type.
- π οΈ Shortcodes
[palmerita_cv_button],[palmerita_promo_button], and[palmerita_file_button]now respect the custom text, icon, and colors set in the admin panel. - π οΈ Corrected an issue where special characters (e.g., apostrophes) were being escaped with backslashes in the admin panel.
- π οΈ Adjusted modal CSS to prevent it from stretching to full-width on larger screens, maintaining the design system's integrity.
Security Enhancements:
- Includes all mechanisms listed in Security Features above
Release Date: May 2024
Features:
- π CSV export now uses
admin_initto prevent header conflicts. - βοΈ Updated admin dashboard with new stats and quick actions.
- π οΈ Security model for file downloads now uses the same token/expiry logic as the CV.
Release Date: January 2025
Features:
- β Complete subscription management system
- β Secure download link generation with unique tokens
- β Integrated PDF viewer for professional CV presentation
- β Professional HTML email templates with responsive design
- β Comprehensive admin interface with statistics dashboard
- β Terms & conditions management with WYSIWYG editor
- β Multiple shortcodes for flexible frontend integration
- β Full English translation and professional messaging
- β Security features including CSRF protection and SQL injection prevention
- β Mobile-responsive design with modern UI/UX
- β Automatic cleanup of expired download links
- β Bulk operations for subscription management
Technical Specifications:
- WordPress 5.0+ compatibility
- PHP 7.4+ requirement
- MySQL 5.6+ support
- AJAX-powered forms
- RESTful URL structure
- Comprehensive error handling
Security Enhancements:
- 32-character unique tokens
- 7-day expiration policy
- 3-download limit per link
- Email validation and duplicate prevention
- WordPress nonce verification
- Prepared SQL statements
This plugin is proprietary software developed for Digital Nomad Subscriptions. All rights reserved.
Copyright Β© 2025 Hanaley Palma - Digital Nomad Subscriptions
Developer: Hanaley Mosley
Company: Hanamoss
Website: palmeratech.com
Email: hmosley@palmeratech.com
Technologies Used:
- WordPress Plugin API
- PHP 7.4+
- MySQL Database
- HTML5 & CSS3
- JavaScript (ES6+)
- AJAX for seamless UX
- Responsive Web Design
This documentation is maintained and updated regularly. For the latest version, please check the plugin repository or contact support.
Stable tag: 1.2.0 Tested up to: 6.5.3